There's a nice #linux tool:

systemd-analyze security SERVICE

It looks at #security and confinement features used by systemd services as documented here https://www.freedesktop.org/software/systemd/man/systemd.exec.html

An example for my radvd.service